Friday, January 15, 2010

Should authenticators be mandatory?

Those of you who have been following WoW.com know that Blizzard is giving serious consideration to the idea of mandatory authenticators. If you don't know what an authenticator is (if you do, skip this paragraph), it's a small device that adds an extra layer of security to your account. When you push the button on your authenticator, it gives you a six-digit number. That number changes every thirty seconds or so (I don't know how frequently it actually changes; that's just a rough guess). After you attach the authenticator to your account, every time you log in to WoW, you will be asked to type in that six-digit number. The net effect is that your account becomes practically unhackable.

To give you a summary of the WoW.com article and what it assumes you know, gold sellers get their gold by hacking other players' accounts and stealing whatever gold and items they can. They do this by stealing your account info (username and password) through keyloggers or phony sites that ask for your account info. Once they have your username and password, they log into your account and take everything you have. Blizzard can restore your account to its former state, but hacking has become such a problem that it now takes days for such restorations to take effect, simply because so many players are being hacked and requesting restorations. This is really bogging down Blizzard's support team, but how to put a stop to it? Well, if everyone had authenticators, hacking players' accounts would be almost impossible. Hence Blizzard giving serious consideration to making authenticators mandatory if you want to play WoW. But should they?

Let's get a few things straight; no matter how much you know about computer security, and no matter how safe you think you are, it is possible for you to be hacked. The number of stories in the WoW.com comment section about people who thought they could never be hacked but were should attest to that. Also, though it is possible to hack an iPhone/iPod Touch authenticator and thus hack the authenticated account (possible, but certainly not easy), having a physical authenticator makes you pretty much immune to hacking. Finally, all of the conclusions I come to below assume that Blizzard is willing and able to ship authenticators to all of its customers, regardless of where they are, which currently isn't the case, but that could always change.

So, should authenticators be mandatory? For starters, I think that if you have already been hacked, then you should be required to have an authenticator before you can log in again. Being hacked shows that, no matter what you may think, you made some mistake that made you vulnerable to being hacked, and thus you are liable to be hacked again, which creates more work for Blizzard. As such, I think Blizzard should make authenticators mandatory for anyone who is hacked. Or failing that, limit players to one account restoration unless they get an authenticator. If they are hacked once, they don't take the proper precautions to prevent it from happening again, and it happens to them again? Tough luck; have a nice day and enjoy starting over.

But what about everyone else? For starters, hackers are only going to target accounts worth hacking, meaning accounts with a lot of money on them. As such, they aren't going to target the accounts of people who haven't even reached 60. If Blizzard were to make authenticators universally mandatory, that would mean that even people trying the game for the first time would need to have one. That would turn a lot of people off from trying WoW, all for the sake of protecting people who wouldn't be targeted. Sure, hackers will go for any gold they can, but would they really go for someone with only one hundred gold, spread between five characters? Considering how cheap gold is these days (on my realm on the first site I got when I googled "buy WoW gold", $1 will get you 200 gold), I doubt they would. While I don't know what the threshold is for what makes an account "hack worthy," there is no point in requiring authenticators for people who fall below that threshold.

Still, we can try to guess where that threshold may be, and if Blizzard wants to responsibly implement a mandatory authenticator policy, they will have to guess. I would guess that no one is worth hacking until they hit sixty, at the very least. Outland is when quests start rewarding significant amounts of gold, but significant is a relative term. My shaman is about to hit 61, and after three levels in Outland, he still only has 156 gold. That wouldn't even go for a dollar on my realm, so if he were my only character, a hacker wouldn't get much out of stealing my account. Still, as players approach the level cap, the amount of gold they have increases significantly, to the point where hacking them may be worth it.

Regardless of what level a person needs to reach before they are generally hack-worthy, the solution Blizzard implements needs to be easy to carry out and elegant in its execution. For that reason, I stand with much of the player base in saying that anyone who wants to upgrade their account to a Cataclysm account should be required to have an authenticator. All Cataclysm boxes could ship with authenticators included in them, and if the authenticator isn't attached to your account, you can install the game, but you won't be able to upgrade your account, which you need to do to actually play the new 80-85 content. By the time a player reaches 80, they will probably have enough gold to make them hack worthy, and requiring an authenticator to get the next expansion means that players won't feel as forced to get an authenticator as they would feel if they were simply required to have one by a certain date (like with the battle.net transfer). Players could get authenticators in their own time when they actually needed one.

Still, that leaves one group to consider: guild officers. It's possible for someone to be promoted to an officer position before they get close to the level cap, and if that gives them access to the guild bank, then one hacked account could mean dozens of items stolen from all of the members of the guild. Still, it would be impractical for the game itself to require that all guild officers have authenticators, since some guilds don't have guild banks worth stealing from. This is a more subjective matter than at what level a character becomes hack-worthy, so I think the best option is to allow the guild master (and maybe the officers) to see who has an authenticator attached to their account and who doesn't. It will then be his prerogative to only promote players with authenticators to the officer position, or to only grant bank access to officers with authenticators.

So, for the record, here's a summary of my take on who should be required to have authenticators:
-Anyone who has already been hacked.
-Anyone who wishes to upgrade their account to be compatible with Cataclysm.
-At the discretion of the guild leader, any guild members with access to valuable tabs of the guild bank.

1 comment:

  1. I think that considering some accounts to be un-hackworthy is only going to exacerbate the problem. From my point of view, gold spammers are after all the gold that they can get, and a fair few of them seem determined to wreak all the havoc they can in the process, so hacking an account with only 200 gold would be worth it to them.

    Second, since I don't think there's any way for someone outside the game to see how much gold an account has, then the only way for a hacker to know you only had 200 gold (or whatever) would be to get into your account and look, and if they are already there, then why not take everything you have?

    If Blizzard is giving serious thought to making authenticators mandatory, then they need to be mandatory for everyone, regardless of level, location, or previous hacking experience. If you leave any loophole, no matter how inconsequential it may seem, it's something the gold sellers will see, and exploit. Witness the use of DK's to sell gold, or the trick they use to get you to invite them into a group, where the chat (it seems) is less actionable on Blizzard's part.

    I do, however, absolutely agree that if you've been hacked, then an authenticator should be mandatory for you, even if it's not mandatory for everyone else. You've already messed up once....
